Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2025/08/07 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-42852

Cross Site Scripting vulnerability in AcuToWeb server v.10.5.0.7577C8b allows a remote attacker to execute arbitrary code via the index.php component...

6.1CVSS6.2AI score0.00731EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/08/06 12:0 a.m.10 views

VulnCheck KEV: CVE-2025-54987

A vulnerability in Trend Micro Apex One on-premise management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture...

9.8CVSS6AI score0.2079EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2025/08/06 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-54948

A vulnerability in Trend Micro Apex One on-premise management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations...

9.8CVSS6AI score0.2079EPSS
Exploits0References8
VulnCheck KEV
VulnCheck KEV
added 2025/08/06 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-51978

An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP...

9.8CVSS5.8AI score0.7656EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/08/05 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-40799

Data Integrity Failure in 'Backup Config' in D-Link DNR-322L = 2.60B15 allows an authenticated attacker to execute OS level commands on the device...

8.8CVSS5.9AI score0.31328EPSS
Exploits3References4
VulnCheck KEV
VulnCheck KEV
added 2025/08/05 12:0 a.m.7 views

VulnCheck KEV: CVE-2020-25079

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddnsenc.cgi allows authenticated command injection...

9CVSS5.8AI score0.52717EPSS
Exploits1References4
VulnCheck KEV
VulnCheck KEV
added 2025/08/05 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-7771

ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke...

8.7CVSS6.2AI score0.08963EPSS
Exploits8References9
VulnCheck KEV
VulnCheck KEV
added 2025/08/04 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-38196

Windows Common Log File System Driver Elevation of Privilege Vulnerability...

7.8CVSS5.8AI score0.05722EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2025/08/02 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-34143

An authentication bypass vulnerability exists in ETQ Reliance on the CG legacy platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login pag...

9.3CVSS6.4AI score0.29857EPSS
Exploits0References128
VulnCheck KEV
VulnCheck KEV
added 2025/08/01 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-30090

Microsoft Streaming Service Elevation of Privilege Vulnerability...

7CVSS5.8AI score0.01965EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2025/08/01 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-36675

LyLmespage v1.9.5 is vulnerable to Server-Side Request Forgery SSRF via the gethead function...

9.1CVSS5.8AI score0.01426EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2025/07/31 12:0 a.m.10 views

VulnCheck KEV: CVE-2024-11587

A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php. The manipulation of the argument idName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has bee...

6.1CVSS4AI score0.00886EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2025/07/31 12:0 a.m.10 views

VulnCheck KEV: CVE-2025-2712

A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /help/top.jsp. The manipulation of the argument langcode leads to cross site scripting. The attack can be launched remotely. The exploi...

6.1CVSS3.8AI score0.0079EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2025/07/31 12:0 a.m.2 views

VulnCheck KEV: CVE-2025-34141

A reflected cross-site scripting XSS vulnerability exists in ETQ Reliance CG legacy platform within the SQLConverterServlet component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the user's context. The...

5.1CVSS5.8AI score0.01907EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/07/31 12:0 a.m.11 views

VulnCheck KEV: CVE-2025-2264

A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed...

7.5CVSS5.9AI score0.38656EPSS
Exploits2References183
VulnCheck KEV
VulnCheck KEV
added 2025/07/31 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-32813

An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur...

7.2CVSS5.8AI score0.43042EPSS
Exploits0References180
VulnCheck KEV
VulnCheck KEV
added 2025/07/31 12:0 a.m.7 views

VulnCheck KEV: CVE-2011-3315

Directory traversal vulnerability in Cisco Unified Communications Manager CUCM 5.x and 6.x before 6.15SU2, 7.x before 7.15bSU2, and 8.x before 8.03, and Cisco Unified Contact Center Express aka Unified CCX or UCCX and Cisco Unified IP Interactive Voice Response Unified IP-IVR before 6.01SR1ES8,...

7.8CVSS5.9AI score0.26393EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2025/07/31 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-49493

Akamai CloudTest before 60 2025.06.02 12988 allows file inclusion via XML External Entity XXE injection...

5.8CVSS5.8AI score0.03395EPSS
Exploits2References135
VulnCheck KEV
VulnCheck KEV
added 2025/07/31 12:0 a.m.10 views

VulnCheck KEV: CVE-2024-29198

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It possible to achieve Service Side Request Forgery SSRF via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the...

8.2CVSS5.8AI score0.01923EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/07/31 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-2034

An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue can not be exploited if...

9.3CVSS7.5AI score0.06592EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2025/07/31 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-8194

Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download...

6.5CVSS7.3AI score0.10695EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/07/31 12:0 a.m.16 views

VulnCheck KEV: CVE-2014-125123

An unauthenticated SQL injection vulnerability exists in the Kloxo web hosting control panel developed by LXCenter prior to version 6.1.12. The flaw resides in the login-name parameter passed to lbin/webcommand.php, which fails to properly sanitize input, allowing an attacker to extract the...

10CVSS6.2AI score0.00696EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2025/07/30 12:0 a.m.20 views

VulnCheck KEV: CVE-2025-49533

Adobe Experience Manager MS versions 6.5.23.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction. Scope is unchanged...

9.8CVSS6.3AI score0.44894EPSS
Exploits0References16
VulnCheck KEV
VulnCheck KEV
added 2025/07/30 12:0 a.m.10 views

VulnCheck KEV: CVE-2025-4270

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Config Handler. The manipulation of the argument topicurl with the input getInitCfg/getSysStatusCfg leads to informatio...

7.5CVSS4.9AI score0.10269EPSS
Exploits1References28
VulnCheck KEV
VulnCheck KEV
added 2025/07/30 12:0 a.m.11 views

VulnCheck KEV: CVE-2018-4237

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "libxpc" component. It allows attackers to gain privileges via a crafted app that leverages a...

7.8CVSS7.3AI score0.1392EPSS
Exploits5References2
VulnCheck KEV
VulnCheck KEV
added 2025/07/29 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-35232

Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users ...

6.8CVSS6.1AI score0.003EPSS
Exploits0References16
VulnCheck KEV
VulnCheck KEV
added 2025/07/29 12:0 a.m.36 views

VulnCheck KEV: CVE-2025-5394

The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the aloneimportpackinstallplugin function in all versions up to, and including, 7.8.3. This makes it possible for unauthenticated attackers ...

9.8CVSS6.2AI score0.47809EPSS
Exploits3References4
VulnCheck KEV
VulnCheck KEV
added 2025/07/28 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-2533

A Cross-Site Request Forgery CSRF vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session...

8.8CVSS6AI score0.29246EPSS
Exploits1References6
VulnCheck KEV
VulnCheck KEV
added 2025/07/28 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-6495

The Bricks theme for WordPress is vulnerable to blind SQL Injection via the ‘p’ parameter in all versions up to, and including, 1.12.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticat...

7.5CVSS5.9AI score0.00436EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/07/25 12:0 a.m.11 views

VulnCheck KEV: CVE-2014-125119

A filename spoofing vulnerability exists in WinRAR when opening specially crafted ZIP archives. The issue arises due to inconsistencies between the Central Directory and Local File Header entries in ZIP files. When viewed in WinRAR, the file name from the Central Directory is displayed to the use...

8.4CVSS6AI score0.01495EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2025/07/24 12:0 a.m.9 views

VulnCheck KEV: CVE-2025-24000

Authentication Bypass Using an Alternate Path or Channel vulnerability in Saad Iqbal Post SMTP post-smtp allows Authentication Bypass.This issue affects Post SMTP: from n/a through = 3.2.0...

5.8AI score0.00546EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2025/07/23 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-34163

Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile that fails to enforce proper file type validation and access control. An attacker can upload arbitrary files, including executable scripts such as .ashx, via a crafted multipart/form-data POST reques...

10CVSS6.6AI score0.0061EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2025/07/23 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-34162

An unauthenticated SQL injection vulnerability exists in the GetLyfsByParams endpoint of Bian Que Feijiu Intelligent Emergency and Quality Control System, accessible via the /AppService/BQMedical/WebServiceForFirstaidApp.asmx interface. The backend fails to properly sanitize user-supplied input i...

9.3CVSS6.2AI score0.00763EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2025/07/22 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-32814

An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur...

9.8CVSS5.9AI score0.36412EPSS
Exploits0References12
VulnCheck KEV
VulnCheck KEV
added 2025/07/22 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-23397

The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. NOTE: the vendor disputes this because the ado.im reference has "no...

6.1CVSS5.8AI score0.00913EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/07/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-30220

GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity XXE exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in...

9.9CVSS5.8AI score0.50825EPSS
Exploits1References64
VulnCheck KEV
VulnCheck KEV
added 2025/07/21 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-3481

The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection...

9.8CVSS5.9AI score0.03686EPSS
Exploits2References126
VulnCheck KEV
VulnCheck KEV
added 2025/07/21 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-30194

Prestashop posstaticfooter = 1.0.0 is vulnerable to SQL Injection via posstaticfooter::getPosCurrentHook...

9.8CVSS5.9AI score0.32413EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2025/07/21 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-20337

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to...

10CVSS6.2AI score0.65098EPSS
Exploits0References175
VulnCheck KEV
VulnCheck KEV
added 2025/07/21 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-27505

GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles rest and its subpaths but not rest with an extension e.g., rest.html. The REST API index can...

5.3CVSS5.8AI score0.01022EPSS
Exploits0References68
VulnCheck KEV
VulnCheck KEV
added 2025/07/21 12:0 a.m.108 views

VulnCheck KEV: CVE-2024-34193

smanga 3.2.7 does not filter the file parameter at the PHP/get file flow.php interface, resulting in a path traversal vulnerability that can cause arbitrary file reading...

7.5CVSS5.8AI score0.00623EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2025/07/21 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-32815

An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur...

6.5CVSS5.8AI score0.34188EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/07/21 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-41646

An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device...

9.8CVSS5.9AI score0.40725EPSS
Exploits2References140
VulnCheck KEV
VulnCheck KEV
added 2025/07/21 12:0 a.m.9 views

VulnCheck KEV: CVE-2025-4281

A vulnerability, which was classified as problematic, was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 7. This affects an unknown part of the file /api/GylOperator/LoadData. The manipulation leads to information disclosure. It is possible to initiate the attack...

5.3CVSS5AI score0.00279EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/07/21 12:0 a.m.15 views

VulnCheck KEV: CVE-2023-5683

A vulnerability was found in Byzoro Smart S85F Management Platform up to 20231010 and classified as critical. This issue affects some unknown processing of the file /sysmanage/importconf.php. The manipulation of the argument btnfilerenew leads to os command injection. The attack may be initiated...

9.8CVSS5.5AI score0.1798EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2025/07/21 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-52488

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interaction to potentially expose NTLM hashes to a third party SMB server. This issue has been...

8.6CVSS5.7AI score0.29345EPSS
Exploits1References77
VulnCheck KEV
VulnCheck KEV
added 2025/07/21 12:0 a.m.14 views

VulnCheck KEV: CVE-2019-3495

An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. network/mesh/edit-nds.php is vulnerable to arbitrary file upload, allowing an attacker to upload .php files and execute code on the server with root user privileges. Authentication for accessing this component can be...

9CVSS6AI score0.05037EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2025/07/21 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-28137

The TOTOLINK A810R V4.1.2cu.5182B20201026 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...

9.8CVSS6AI score0.11198EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2025/07/21 12:0 a.m.14 views

VulnCheck KEV: CVE-2023-5285

A vulnerability classified as critical was found in Tongda OA 2017. Affected by this vulnerability is an unknown functionality of the file general/hr/recruit/recruitment/delete.php. The manipulation of the argument RECRUITMENTID leads to sql injection. The attack can be launched remotely. The...

7.5CVSS5.6AI score0.00624EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2025/07/21 12:0 a.m.11 views

VulnCheck KEV: CVE-2025-34027

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check to Time-of-Use TOCTOU write in combination...

10CVSS6.4AI score0.35993EPSS
Exploits0References135
Total number of security vulnerabilities4985